openstack/puppet-openstack-integration
Code Issues Proposed changes
puppet-openstack-integration/manifests/nova.pp
Takashi Kajinami 646eeea9d5 Test redis (sentinel) cache backend 
oslo.cache 3.7.0 introduced new options to use redis or redis sentinel
as backend. To test the functionality to configure this backend, switch
the cache backend in scenario001(Redis) and scenario002(Sentinel).

The switch is made only in CentOS because Caracal (or master) packages
are not available for Ubuntu, but may be later made in Ubuntu as well
once UCA Caracal is released.

Change-Id: Ieb681f5bbbf28e1963ab346c17e07265769da4e6
2024-04-12 00:23:33 +09:00

308 lines
11 KiB
Puppet
Raw Blame History

# Configure the Nova service
#
# [*libvirt_rbd*]
# (optional) Boolean to configure or not Nova
# to use Libvirt RBD backend.
# Defaults to false.
#
# [*libvirt_virt_type*]
# (optional) Libvirt domain type. Options are: kvm, lxc, qemu, uml, xen
# Defaults to 'qemu'
#
# [*libvirt_cpu_mode*]
# (optional) The libvirt CPU mode to configure.
# Possible values include custom, host-model, none, host-passthrough.
# Defaults to 'none'
#
# [*modular_libvirt*]
# (optional) Use modular libvirt daemons instead of the monolithic libvirtd
# deamon
# Defaults to false
#
# [*volume_encryption*]
# (optional) Boolean to configure or not volume encryption
# Defaults to false.
#
# [*notification_topics*]
# (optional) AMQP topic used for OpenStack notifications
# Defaults to $facts['os_service_default'].
#
# [*cinder_enabled*]
# (optional) Boolean to configure or not cinder options.
# Defaults to false.
#
# [*libvirt_guests_enabled*]
# (optional) Boolean to configure or not libvirt-guests
# Defaults to false.
#
class openstack_integration::nova (
$libvirt_rbd = false,
$libvirt_virt_type = 'qemu',
$libvirt_cpu_mode = 'none',
$modular_libvirt = false,
$volume_encryption = false,
$notification_topics = $facts['os_service_default'],
$cinder_enabled = false,
$libvirt_guests_enabled = false,
) {
include openstack_integration::config
include openstack_integration::params
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'nova':
notify => Service['httpd'],
require => Package['nova-common'],
}
Exec['update-ca-certificates'] ~> Service['httpd']
}
$default_transport_url = os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'nova',
'password' => 'an_even_bigger_secret',
})
$notification_transport_url = os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'nova',
'password' => 'an_even_bigger_secret',
})
openstack_integration::mq_user { 'nova':
password => 'an_even_bigger_secret',
before => Anchor['nova::service::begin'],
}
class { 'nova::db::mysql':
charset => $::openstack_integration::params::mysql_charset,
collate => $::openstack_integration::params::mysql_collate,
password => 'nova',
host => $::openstack_integration::config::host,
}
class { 'nova::db::mysql_api':
charset => $::openstack_integration::params::mysql_charset,
collate => $::openstack_integration::params::mysql_collate,
password => 'nova',
host => $::openstack_integration::config::host,
}
include nova::cell_v2::simple_setup
# NOTE(aschultz): workaround for race condition for discover_hosts being run
# prior to the compute being registered
exec { 'wait-for-compute-registration':
path => ['/bin', '/usr/bin'],
command => 'sleep 30',
refreshonly => true,
notify => Class['nova::cell_v2::discover_hosts'],
subscribe => Anchor['nova::service::end'],
}
class { 'nova::keystone::auth':
public_url => "${::openstack_integration::config::base_url}:8774/v2.1",
internal_url => "${::openstack_integration::config::base_url}:8774/v2.1",
admin_url => "${::openstack_integration::config::base_url}:8774/v2.1",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'nova::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'nova::keystone::service_user':
send_service_user_token => true,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
class { 'nova::logging':
debug => true,
}
class { 'nova::db':
database_connection => os_database_connection({
'dialect' => 'mysql+pymysql',
'host' => $::openstack_integration::config::ip_for_url,
'username' => 'nova',
'password' => 'nova',
'database' => 'nova',
'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}),
api_database_connection => os_database_connection({
'dialect' => 'mysql+pymysql',
'host' => $::openstack_integration::config::ip_for_url,
'username' => 'nova_api',
'password' => 'nova',
'database' => 'nova_api',
'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}),
}
class { 'nova':
default_transport_url => $default_transport_url,
notification_transport_url => $notification_transport_url,
rabbit_use_ssl => $::openstack_integration::config::ssl,
notification_driver => 'messagingv2',
notify_on_state_change => 'vm_and_task_state',
notification_topics => $notification_topics,
}
class { 'nova::api':
api_bind_address => $::openstack_integration::config::host,
sync_db => false,
sync_db_api => false,
service_name => 'httpd',
}
class { 'nova::cache':
backend => $::openstack_integration::config::cache_driver,
enabled => true,
memcache_servers => $::openstack_integration::config::memcache_servers,
redis_server => $::openstack_integration::config::redis_server,
redis_password => 'a_big_secret',
redis_sentinels => $::openstack_integration::config::redis_sentinel_server,
tls_enabled => $::openstack_integration::config::cache_tls_enabled,
}
class { 'nova::db::sync':
extra_params => '--debug',
db_sync_timeout => 600,
}
class { 'nova::db::sync_api':
extra_params => '--debug',
db_sync_timeout => 600,
}
class { 'nova::metadata':
neutron_metadata_proxy_shared_secret => 'a_big_secret',
}
class { 'nova::wsgi::apache_api':
bind_host => $::openstack_integration::config::host,
ssl_key => "/etc/nova/ssl/private/${facts['networking']['fqdn']}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
ssl => $::openstack_integration::config::ssl,
workers => 2,
}
class { 'nova::wsgi::apache_metadata':
bind_host => $::openstack_integration::config::host,
ssl_key => "/etc/nova/ssl/private/${facts['networking']['fqdn']}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
ssl => $::openstack_integration::config::ssl,
workers => 2,
}
class { 'nova::placement':
auth_url => $::openstack_integration::config::keystone_admin_uri,
password => 'a_big_secret',
}
class { 'nova::conductor':
workers => 2,
}
class { 'nova::cron::archive_deleted_rows': }
if $volume_encryption {
class { 'nova::key_manager':
backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
}
class { 'nova::key_manager::barbican':
auth_endpoint => $::openstack_integration::config::keystone_auth_uri,
barbican_endpoint => "${::openstack_integration::config::base_url}:9311",
send_service_user_token => true,
}
class { 'nova::key_manager::barbican::service_user':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
}
class { 'nova::compute':
vnc_enabled => true,
instance_usage_audit => true,
instance_usage_audit_period => 'hour',
}
# NOTE(tkajinam): In Ubuntu, libvirtd-tcp.socket fails to start because of
# libvirtd.service running, though we stop the service in
# puppet-nova. Until we fix the failure, use ssh transport
# which does not require socket services.
$migration_transport = $facts['os']['family'] ? {
'Debian' => 'ssh',
default => 'tcp'
}
class { 'nova::migration::libvirt':
transport => $migration_transport,
listen_address => $::openstack_integration::config::host,
modular_libvirt => $modular_libvirt,
}
$images_type = $libvirt_rbd ? {
true => 'rbd',
false => $facts['os_service_default']
}
class { 'nova::compute::libvirt':
virt_type => $libvirt_virt_type,
cpu_mode => $libvirt_cpu_mode,
images_type => $images_type,
manage_libvirt_services => false,
}
class { 'nova::compute::libvirt::services':
modular_libvirt => $modular_libvirt,
}
class { 'nova::compute::libvirt::networks': }
if $libvirt_rbd {
class { 'nova::compute::rbd':
libvirt_rbd_user => 'openstack',
libvirt_rbd_secret_uuid => '7200aea0-2ddd-4a32-aa2a-d49f66ab554c',
libvirt_rbd_secret_key => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
libvirt_images_rbd_pool => 'nova',
rbd_keyring => 'client.openstack',
# ceph packaging is already managed by puppet-ceph
manage_ceph_client => false,
}
# make sure ceph pool exists before running nova-compute
Exec['create-nova'] -> Service['nova-compute']
} else {
include openstacklib::iscsid
Service['iscsid'] -> Service['nova-compute']
}
class { 'nova::scheduler':
workers => 2,
}
class { 'nova::scheduler::filter': }
class { 'nova::vncproxy':
host => $::openstack_integration::config::host
}
class { 'nova::network::neutron':
auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
password => 'a_big_secret',
default_floating_pool => 'public',
}
if $cinder_enabled {
class { 'nova::cinder':
auth_url => $::openstack_integration::config::keystone_admin_uri,
password => 'a_big_secret',
auth_type => 'password',
}
}
if $libvirt_guests_enabled {
class { 'nova::compute::libvirt_guests':
enabled => true,
manage_service => true,
}
}
Keystone_endpoint <||> -> Service['nova-compute']
Keystone_service <||> -> Service['nova-compute']
Keystone_endpoint <||> -> Service['nova-conductor']
Keystone_service <||> -> Service['nova-conductor']
Keystone_endpoint <||> -> Service['nova-scheduler']
Keystone_service <||> -> Service['nova-scheduler']
}
View Git Blame Copy Permalink